General

  • Target

    AURORA STEALER.rar

  • Size

    10.9MB

  • Sample

    240722-t7qs3sxanc

  • MD5

    7077d053f377ac289bde8e57de60f4a5

  • SHA1

    779664f5ff55cd1035e58f2f5568e8a41a370288

  • SHA256

    282cd2c35141a47148dae9a17263d20edf209dca310112ebb11c47710091fdf7

  • SHA512

    9118b53f275784ad90a3a7bfc5cd578a51fb000bff5d9beab14a4c47b3e2ba8b7c005530c3871166172f6edf090c9763d811225bedeb2327c8034d2a67511a67

  • SSDEEP

    196608:JXoE/rNj9hezMG/8YV8XUEQNar9lG45v/MdB3Nb2e9mMIF0HjS:JBpheIGEzHEi/kNb2esF9

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper
    https://rentry.org/sb54d2/raw

Targets

    • Target

      AURORA STEALER.rar

    • Size

      10.9MB

    • MD5

      7077d053f377ac289bde8e57de60f4a5

    • SHA1

      779664f5ff55cd1035e58f2f5568e8a41a370288

    • SHA256

      282cd2c35141a47148dae9a17263d20edf209dca310112ebb11c47710091fdf7

    • SHA512

      9118b53f275784ad90a3a7bfc5cd578a51fb000bff5d9beab14a4c47b3e2ba8b7c005530c3871166172f6edf090c9763d811225bedeb2327c8034d2a67511a67

    • SSDEEP

      196608:JXoE/rNj9hezMG/8YV8XUEQNar9lG45v/MdB3Nb2e9mMIF0HjS:JBpheIGEzHEi/kNb2esF9

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Shurk

      Shurk is an infostealer written in C++ that appeared in 2021.

    • Shurk Stealer payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • T1059 Command and Scripting Interpreter (1)

  • T1059.001 PowerShell (1)

Defense Evasion

  • T1553 Subvert Trust Controls (1)

  • T1553.004 Install Root Certificate (1)

  • T1112 Modify Registry (1)

Discovery

  • T1012 Query Registry (4)

  • T1082 System Information Discovery (4)

  • T1120 Peripheral Device Discovery (1)
